Computers are finding more and more uses in a wide variety of fields and locations. The ability to obtain ever-increasing performance at an ever-decreasing price is expanding the fields where computers can be used. These reduced costs make “public” computers more and more plausible. Public computers refer to computers that are set up and generally available for use by the public, such as in a hotel room, in a kiosk at an airport or shopping mall, in a store (e.g., a department or grocery store), etc. Such public computers may be interconnected with other computers, such as other public computers via a local area network (LAN) or other public and/or non-public computers via a wide area network (WAN) such as the Internet, or alternatively may be stand-alone computers.
The public accessibility to such computers, as well as their potential interconnectivity, makes each computer an “open system”. An open system refers to a computer that is accessible to multiple individuals and/or other computers, some of which cannot be trusted with users' private information. Open systems are vulnerable to a wide variety of attacks intended to compromise the integrity of the systems and reveal users' private information. Such attacks can come from other computers via a network (e.g., the Internet), or alternatively from other users of the systems.
Public computers are particularly appealing for use with portable integrated circuit (IC) devices such as smart cards. A smart card is a small card, roughly the size of a typical credit card, that includes a microprocessor, memory, and an input/output (I/O) interface. Smart cards can be programmed to maintain any type of information. Examples of such information include private financial information (such as checking or savings account number, credit card numbers, and personal identification numbers (PINs)), as well as private identification information (such as a social security number or digital signature).
Unfortunately, when public computers are vulnerable to attack, so too are the smart cards that interface with the computers. A public computer could be executing, unbeknownst to the user, a “rogue” application that accesses private information on the smart card and subsequently takes various unauthorized actions. Examples of such unauthorized actions include charging goods or services to a particular account number and signing the smart card owner's signature to the charges, transferring money out of checking or savings accounts, etc. Another type of rogue application executing on the public computer could be an “imposter” of a legitimate program. For example, a public computer may include a banking program that allows users, upon providing the appropriate account numbers from their smart card, to access their current account status or purchase goods and services. A rogue application may pretend to be the banking application in order to receive the account numbers provided by the smart card, at which point various unauthorized actions could be taken by the rogue application.
Similarly, a rogue OS (operating system) might intercept a PIN (Personal Identity Number) or other smart card password entered on the open system's keyboard, or might intercept communications between the smart card and the application operating under the OS's control on the open system.
One solution that protects private information from rogue applications is to include, as part of the portable IC device, a display in order to display the requests being signed by the smart card on behalf of the user, a keyboard in order to allow the user to enter PINs and to accept or reject requests, and its own clock and battery supply to provide defense against various other attempts to obtain the private information. However, this solution provides a rather bulky and expensive “portable” IC device that is too costly to produce on a mass scale.
This invention addresses these disadvantages, providing an improved way to maintain the security of private information on a portable IC device.